New security vulnerability threatens Mac users through trusted apps

- Malicious software bypasses built-in protections and targets developers’ security keys
- Sophisticated attack chain relies on impersonation tactics to deliver deceptive applications

Reports have revealed a new cyberattack targeting the macOS operating system, in which hackers managed to bypass Apple’s built-in security mechanism known as “Gatekeeper.” The breach has raised concerns over a potentially wide-reaching threat affecting millions of users worldwide.
According to researchers at the cybersecurity firm Mosyle Security, two newly identified malware strains, dubbed “Phoenix Worm” and “ShadeStager,” are being used in coordination to infiltrate developers’ devices and steal sensitive digital credentials, including signing keys used to verify legitimate applications.
The attack begins by targeting software developers through fake job offers, urgent project requests, and other social engineering techniques designed to trick victims into installing malicious software without suspicion.
Once inside the system, Phoenix Worm operates as a surveillance tool, collecting data and monitoring activity, while ShadeStager is deployed in a second phase to extract development keys and cloud access credentials, enabling deeper compromise of systems.
Security experts warn that possession of these keys allows attackers to impersonate trusted developers and distribute malicious applications that appear to be officially verified by Apple, making detection significantly more difficult.
The scale of the threat is believed to be substantial, with estimates suggesting more than 100 million Mac users could be exposed, given the trust-based verification model used by macOS.
Analysts expect Apple to roll out urgent security updates in response, and they urge developers and users alike to exercise caution when handling emails, links, and software downloads, particularly those originating from unfamiliar sources or requesting Terminal-based commands.
Cybersecurity specialists emphasize that digital awareness remains the first line of defense against increasingly sophisticated attacks that rely more on user deception than on system breaches.
